Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing

This script is Copyright (C) 2000-2016 Tenable Network Security, Inc.

Synopsis :

The remote service is vulnerable to inforamtion disclosure.

Description :

It is possible to retrieve the listing of the remote
directories accessible via HTTP, rather than their index.html,
using the Index Server service which provides WebDav capabilities
to this server.

This problem allows an attacker to gain more knowledge
about the remote host, and may make him aware of hidden
HTML files.

See also :

Solution :

Disable the Index Server service.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.8

Family: Web Servers

Nessus Plugin ID: 10526 ()

Bugtraq ID: 1756

CVE ID: CVE-2000-0951

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now